Why choose Octotrack?

No access to your code is requested. You can update your dependencies manually by uploading your Gemfile.lock or automatically using a git post-commit hook (Octotrack provides a simple script to install).

Analyse dependency relationships. Understand the connections between your dependencies and how much you rely on each of them.

Daily notifications of vulnerabilities and dependency updates. Octotrack works for you while you sleep 😴 so you never have to wake up in the middle of the night because of a security issue.

Features

Dashboard

Complete control of all your projects' dependencies, security and statistics about dependency usage.

Latest Vulnerabilities

ruby-saml prior to version 1.7.0 is vulnerable to an authentication bypass via incorrect
XML canonicalization and DOM traversal. Specifically, there are inconsistencies in
handling of comments within XML nodes, resulting in incorrect parsing of the inner text
of XML nodes such that any inner text...

Doorkeeper gem has stored XSS on authorization consent view

February 21, 2018

Stored XSS on the OAuth Client's name will cause users being prompted for
consent via the "implicit" grant type to execute the XSS payload.
The XSS attack could gain access to the user's active session, resulting in
account compromise.
Any user is susceptible if they click the authorization lin...

Who's behind Octotrack?

My name is Tiago Alves and I'm an ex-medical doctor turned developer. Octotrack started as a newsletter to keep updated about new repository releases and evolved into an automatic dependency & security manager tailored to developers' needs. It is still in its infancy so all feedback & help would be great (tiago@octotrack.com & @alvesjtiago on Twitter).